Get the latest news about SolarWinds Security Event Manager (SEM)
I have a federal STIG requirement to monitor for when the SIEM reaches 75% of disk space used. The default rule out of the box called "SolarWinds Disk Warning" uses 90% used as the trigger for the warning. The problem I'm having is that in the rule I don't see 90% listed anywhere in the logic. How does this rule work? The…
I am trying to get LEM to monitor our Kaspersky administration server. I have the Kaspersky Administration Kit connector enabled on the node that is our Kaspersky Administration server. I am not sure if I have it set up correctly, though, because I am not seeing any events from the connector. I also read that WMI is another…
I have some Windows agents that have the LEM appliance IP ending in .85, and I need the agent to point to .185 instead. I thought rerunning the remote installer on the list of hosts would fix this, but it's not. Are there some command-line flags I can pass to the installer to make it update the LEM appliance IP the agent is…
Hi, please let me know how we can detect attacks from the Cisco ASA firewall using LEM. I have read about various ASA SIDs being logged as syslog messages by the Cisco firewall, upon which Cisco recommends some action. What is the best practice to be utilized to detect attacks and intrusions from a Cisco ASA firewall using LEM?
I am running the report "logon failures by user" and want to look at outside business hours, previous day 6pm to current day 6am. I can manually run the report, but I need it to run on a daily schedule. When I attempt to schedule it using user-defined start and end times, it just runs the same day range each day (10/1/2016 6pm…
Hi, we are about to purchase SolarWinds but need to work out licensing costs first. We have 10 hosts running Docker, and there are 50 containers running across the hosts. If we wanted to log data for all containers, how many LEM licenses would this use: 10, 50 or 60? Thanks, Phil
I've run into an issue with the Sysmon connector on machines running Sysmon v8. The network connect events are no longer properly formatted and information is lost. Below is a screenshot of two events, one from a machine running v8 and one running v7.2. Sysmon v8 added a field called Rule Name to the output, so perhaps…
Hi, I am currently facing some problems in establishing correlation rules. To make correlation rules we must understand the behavior of the attack, as per my knowledge. LEM has built-in correlation rules like worm detection, but I want to make correlation rules customized to my environment. Please let me know what are the…
In creating a user-defined group which is then used as part of a rule, I need to define a subnet or range of IPs. How can that be done other than by using an asterisk? For example, to specify the IPs 10.10.10.0-63 or 10.10.10.0/26.
We are pushing our LEM agent to all PCs on our network. While the LEM agent install package works great, we want to ensure that we don't miss any computers on our domain. A co-worker helped me create the attached batch script, which we are running on the computer side of our group policy. This checks to…